sevdesk-agent-cli
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions involve downloading and running the `@codecell-germany/sevdesk-agent-skill` package from the npm registry using `npx`. This is a vendor-owned resource.
- [COMMAND_EXECUTION]: The agent is instructed to execute the `sevdesk-agent` CLI or `node` to interact with the Sevdesk API and perform operations such as creating contacts or exporting PDFs.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection via data processed from the Sevdesk API.
  - Ingestion points: Data describing business objects (invoices, contacts, quotes) is fetched from the external Sevdesk API and ingested into the agent context (SKILL.md).
  - Boundary markers: The instructions do not define delimiters or specific warnings to ignore instructions that might be embedded in the API data.
  - Capability inventory: The skill has capabilities to modify state via API write and delete calls and can write files to the local system (SKILL.md).
  - Sanitization: No explicit sanitization or validation of the API-returned content is mentioned in the provided documentation.
Audit Metadata